DETAILED ACTION

1. This is in response to the application filed on 11/25/03, in which claims 1-25 are presented for 
examination. 

2. The documents (status request 7/9/05 and 1/13/06) have been considered. 

Information Disclosure Statement

3. The information disclosure statement (IDS) was submitted on 11/25/03. The submission is in
compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being
considered by the examiner.

Drawings 

4. The Examiner accepts the drawings (11/23/03).

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 
of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art 
to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was
made. 

Claims 1-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Pat. No.
6,505,192 issued to Godwin et al., ("Godwin") in view of U.S. Pub. No. 2004/0054807 issued to Harvey et
al. ("Harvey").

As per claim 1, Godwin discloses "a searching method for a Security Policy Database" (i.e., Ipsec
processing (searching) in a security policy database; see col. 5, lines 42-45) comprising:

"building a set of peer-based Security Policy Database composed of a plurality of peer-based
Security Policy Databases" (i.e., network security processing multiple nodes (databases) by accepting
packets with Ipsec; see col. 5, lines 29-40 and Fig. 1);

"searching the peer table so as to obtain a corresponding peer-based Security Policy Database" 
(i.e., locating the applicable security association into a hash table; see col. 6, lines 47-60); and 

"searching the corresponding peer-based Security Policy Database so as to obtain a security
policy" (i.e., searching the IP to determine the applicable security association (security policy); see col. 6,
lines 47-62). Godwin fails to explicitly disclose building or constructing a peer table. However, Harvey
discloses building or constructing a peer table (see Harvey [0005 and 0025]).

It would have been obvious to a person of ordinary skill in the art at the time the invention was
made to modify the teachings of Godwin by building the peer table as disclosed by Harvey (see Harvey
[0254 and 0255]). Such a modification would allow the teachings of Godwin to provide data to be
uniformly diffused over all the participants in the peer-to-peer system (see Harvey [0138, lines 5-7]),
thereby improving the performance and manageability of the searching method for a security policy
database.

As per claim 2, in addition to claim 1, Godwin fails to explicitly disclose the step of building at
least two data in the peer table according to a peer gateway; according to one set of peer gateway, at
least two sets of data are built in the peer table. However, Harvey discloses building at least two data in
the peer table (see Harvey [0025]) according to a peer gateway (see Harvey [0056]); according to one set
of peer gateway (see Harvey [0056]), at least two sets of data are built in the peer table (see Harvey
[0026]).

It would have been obvious to a person of ordinary skill in the art at the time the invention was
made to modify the teachings of Godwin with building at least two data in the peer table (see Harvey
[0025]) according to a peer gateway (see Harvey [0056]); according to one set of peer gateway (see
Harvey [0056]), at least two sets of data are built in the peer table as disclosed by Harvey (see Harvey
[0056]). Such a modification would allow the teachings of Godwin to provide data to be uniformly
diffused over all the participants in the peer-to-peer system (see Harvey [0138, lines 5-7]), thereby
improving the performance and manageability of the searching method for a security policy database.

As per claim 3, in addition to claim 1, Godwin further discloses "one of the two data is an internal
network/local area network (LAN) data" (see col. 5, lines 54-56), "the other is an external network/wide
area network (WAN) data" (see col. 5, lines 31-34 and Fig. 1); "one of the two sets of data is a set of
internal network/local area network (LAN) data and the other is a set of external network/wide area
network (WAN) data" (i.e., network interconnecting nodes for sending and receiving (two sets) packet;
see col. 5, lines 31-34).

As per claim 4, in addition to claim 1, Godwin further discloses "an address" (see col. 6, lines 35-36),
"the address is a network address" (i.e., IP address; see col. 2, line 62); "the type is an internal
network/local area network (LAN) section type, an external network/wide area network (WAN) address or
both" (i.e., network interconnecting nodes for sending and receiving (two sets) packet; see col. 5, lines
31-34). Godwin fails to explicitly disclose a peer identification, a type and a prefix; the peer identification
represents the peer gateway; the prefix is the number of the bits for comparing the address. However,
Harvey discloses a peer identification (see Harvey [0232 and 0082]), a type and a prefix (see Harvey
[0080]); the peer identification represents the peer gateway (see Harvey [0232]); the prefix is the number
of the bits for comparing the address (see Harvey [0415 and 0416]).

It would have been obvious to a person of ordinary skill in the art at the time the invention was
made to modify the teachings of Godwin with a peer identification, a type and a prefix; the peer
identification represents the peer gateway; the prefix is the number of the bits for comparing the address
as disclosed by Harvey (see Harvey [0232, 0080 and 0415-0416]). Such a modification would allow the
teachings of Godwin to provide data to be uniformly diffused over all the participants in the peer-to-peer
system (see Harvey [0138, lines 5-7]), thereby improving the performance and manageability of the
searching method for a security policy database.

As per claim 5, Godwin discloses "the address included in the internal network/local area
network (LAN) data is an internal network/local area network (LAN) section" (i.e., network interconnecting
nodes for sending and receiving (two sets) packet; see col. 5, lines 31-34).

As per claim 6, Godwin discloses "the address included in the external network/wide area
network (WAN) data is an external network/wide area network (WAN) address" (i.e., network
interconnecting nodes (WAN) for sending and receiving (two sets) packet; see col. 5, lines 31-34).

As per claim 7, in addition to claim 4, Godwin fails to explicitly disclose the peer identification is
0, the address is 0, the type is B, and the prefix is 0. However, Harvey discloses the peer identification is
0, the address is 0, the type is B, and the prefix is 0 (see Harvey [0082], particularly col. 2, lines 9-15).

It would have been obvious to a person of ordinary skill in the art at the time the invention was
made to modify the teachings of Godwin with the peer identification is 0, the address is 0, the type is B,
and the prefix is 0 as disclosed by Harvey (see Harvey [0082]). Such a modification would allow the
teachings of Godwin to provide data to be uniformly diffused over all the participants in the peer-to-peer
system (see Harvey [0138, lines 5-7]), thereby improving the performance and manageability of the
searching method for a security policy database.

Application/Control Number: 10/720,074
Art Unit: 2162

As per claim 8, in addition to claim 1, Godwin further discloses "a plurality of peer-based
Security Policy Databases are built" (i.e., network interconnecting two nodes with Ipsec; see col. 5, lines
29-41). Godwin fails to explicitly disclose the step of building a peer-based Security Policy Database
according to a peer gateway for storing a security policy relating to the peer gateway; according to a
plurality of peer gateways. However, Harvey discloses building a peer-based Security Policy Database
(see Harvey [0026]) according to a peer gateway; according to one set of peer gateway for storing a
security policy relating to the peer gateway; according to a plurality of peer gateways (see Harvey [0056]).

It would have been obvious to a person of ordinary skill in the art at the time the invention was
made to modify the teachings of Godwin with the step of building a peer-based Security Policy Database
according to a peer gateway for storing a security policy relating to the peer gateway; according to a
plurality of peer gateways as disclosed by Harvey (see Harvey Fig. 1A). Such a modification would allow
the teachings of Godwin to provide data to be uniformly diffused over all the participants in the
peer-to-peer system (see Harvey [0138, lines 5-7]), thereby improving the performance and manageability of the
searching method for a security policy database.

As per claim 9, in addition to claim 1, Godwin fails to explicitly disclose a step of building a
default peer-based Security Policy Database according to a default peer gateway for storing the security
policy relating to the default peer gateway. However, Harvey discloses building a default peer-based
Security Policy Database (see Harvey [0026]) according to a default peer gateway for storing a security
policy relating to the default peer gateway (see Harvey [0056]).

It would have been obvious to a person of ordinary skill in the art at the time the invention was
made to modify the teachings of Godwin with a step of building a default peer-based Security Policy
Database according to a default peer gateway for storing the security policy relating to the default peer
gateway as disclosed by Harvey (see Harvey Fig. 1A). Such a modification would allow the teachings of
Godwin to provide data to be uniformly diffused over all the participants in the peer-to-peer system (see
Harvey [0138, lines 5-7]), thereby improving the performance and manageability of the searching method
for a security policy database.

As per claim 10, in addition to claim 8, Godwin further discloses "the selector is a source
address or a destination address" (i.e., destination IP address; see col. 2, line 62).

As per claim 11, the limitations of claim 11 are rejected in the analysis of claim 9, and this claim is
rejected on that basis.

As per claim 12, in addition to claim 1, Godwin further discloses "a method for adding-in a
security policy, the method comprises: adding the security policy in the set of peer-based Security Policy
Database according to a selector" (i.e., permitted with Ipsec processing (packet), in a security policy
database; see col. 5, lines 42-45).

As per claim 13, Godwin discloses "the selector is a source address or destination address" (i.e.,
destination IP address; see col. 2, line 62).

As per claim 14, in addition to claim 1, Godwin further discloses "a method for deleting a security
policy, the method comprises: deleting the security policy from the set of peer-based Security Policy
Database according to a selector" (i.e., denied permitted without Ipsec processing (packet), in a security
policy database; see col. 5, lines 42-45).

As per claim 15, Godwin discloses "the selector is a source address or destination address" (i.e.,
destination IP address; see col. 2, line 62).

As per claim 16, in addition to claim 1, Godwin further discloses "comparing a packet and the
peer table" (i.e., matching packet in a security policy database; see col. 5, lines 42-45).

As per claim 17, Godwin discloses "the packet is an inbound IPSec packet in tunnel mode; the
comparing step is used for comparing the source address of the outer header of the inbound IPSec
packet in tunnel mode" (i.e., outgoing packet and incoming packet to nodes with Ipsec processing
determining the matching of packets in a security policy database; see col. 5, lines 29-41) and "the
external network/wide area network (WAN) address of the peer table" (i.e., network interconnecting nodes
(WAN) for sending and receiving (two sets) packet; see col. 5, lines 29-34).

As per claim 18, Godwin discloses "the packet is an inbound IPSec packet in transport mode;
the comparing step is used for comparing the source address of the inbound IPSec packet in transport
mode" (i.e., outgoing packet and incoming packet to nodes with Ipsec processing determining the
matching of packets in a security policy database; see col. 5, lines 29-41) and "the external network/wide
area network (WAN) address of the peer table" (i.e., network interconnecting nodes (WAN) for sending
and receiving (two sets) packet; see col. 5, lines 29-34).

As per claim 19, Godwin discloses "the packet is an inbound IP packet; the comparing step is
used for comparing the source address of the inbound IP packet" (i.e., outgoing packet and incoming
packet to nodes with Ipsec processing determining the matching of packets in a security policy database;
see col. 5, lines 29-41) "with the internal network/local area network (LAN) section of the peer table" (i.e.,
network interconnecting nodes (WAN) for sending and receiving (two sets) packet; see col. 5, lines 29-34).

As per claim 20, Godwin discloses "the packet is an outbound IP packet; the comparing step is
used for comparing the destination address of the outbound IP packet" (i.e., outgoing packet and
incoming packet to nodes with Ipsec processing determining the matching of packets in a security policy
database; see col. 5, lines 29-41) "with the internal network/local area network (LAN) section of the peer
table" (i.e., network interconnecting nodes (WAN) for sending and receiving (two sets) packet; see col. 5,
lines 29-34).

As per claim 21, Godwin further discloses "comparing a packet and the peer-based Security
Policy Database" (i.e., outgoing packet and incoming packet to nodes with Ipsec processing determining
the matching of packets in a security policy database; see col. 5, lines 29-41).

As per claim 22, Godwin discloses "the packet is an inbound IPSec packet in tunnel mode; the
comparing step is used for comparing the inner header of the inbound IPSec packet in tunnel mode with
the selector of the security policy of the peer-based Security Policy Database" (i.e., determining if an
incoming packet contains an authentication header and a security association must be identified to
determine how to authenticate the packet and determining if the matching rule requires that Ipsec
processing be applied; see col. 6, line 50 to col. 7, line 7 and Figs. 3 and 7).

As per claim 23, Godwin discloses "the packet is an inbound IPSec packet in transport mode;
the comparing step is used for comparing the header of the inbound IPSec packet in transport mode with
the selector of the security policy of the peer-based Security Policy Database" (i.e., determining if an
incoming packet contains an authentication header and a security association must be identified to
determine how to authenticate the packet and determining if the matching rule requires that Ipsec
processing be applied; see col. 6, line 50 to col. 7, line 7 and Figs. 3 and 7).

As per claim 24, Godwin discloses "the packet is an inbound IP packet; the comparing step is
used for comparing the header of the inbound IP packet with the selector of the security policy of the
peer-based Security Policy Database" (i.e., determining if an incoming packet contains an authentication
header and a security association must be identified to determine how to authenticate the packet and
determining if the matching rule requires that Ipsec processing be applied; see col. 6, line 50 to col. 7, line
7 and Figs. 3 and 7).

As per claim 25, Godwin discloses "the packet is an outbound IP packet; the comparing step is
used for comparing the header of the outbound IP packet with the selector of the security policy of the
peer-based Security Policy Database" (i.e., determining if the outgoing packet contains security and
determining the match and building the appropriate security header; see col. 9, lines 37-65 and Fig. 8).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent No. 6,715,081 issued to Attwood et al., relates to networking security.
U.S. Patent No. 6,754,832 issued to Godwin et al., relates to networking security.
U.S. Patent No. 6,988,106 issued to Enderwick et al., relates to security associations.

6. Any inquiry concerning this communication or earlier communications from the examiner should
be directed to JEAN B. FLEURANTIN whose telephone number is 571-272-4035. The examiner can 
normally be reached on 7:05 to 4:35. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
JOHN E BREENE can be reached on 571-272-4107. The fax phone number for the organization where 
this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 